oracle-base - linux samba configuration
TRANSCRIPT
-
7/25/2019 ORACLE-BASE - Linux Samba Configuration
1/4
Home Articles Scripts Forums Blog Certification Misc Search
About Printer Friendly
Tweet 0 1
Oracle 8i | Oracle 9i | Oracle 10g | Oracle 11g | Oracle 12c | Miscellaneous | PL/SQL | SQL | Oracle RAC | Oracle Apps |
Linux
Home Articles Linux Here
Linux Samba Configuration
This article provides an introduction to Samba configuration on
Linux, with specific reference to the information needed for the
RHCE EX300 certification exam.
Remember, the exams are hands-on, so it doesn't matter
which method you use to achieve the result, so long as the end
product is correct.
Installation
Firewall
SELinux
Create Network Shares
Create Network Shares for Group Collaboration
Security
Mapping User Names
Mounting Samba Shares
Related articles.
Linux File Systems (mkfs, mount, fstab)
Linux NFS Configuration
Installation
The Samba service is installed from a Yum repository using the following command.
# yum install samba
Turn on the Samba server and make sure it starts automatically on reboot.
# service smb start# chkconfig smb on
Samba is configured by altering the contents of the "/etc/samba/smb.conf" and "/etc/samba/smbusers" files.
Configuration changes have to be followed by a reload or a restart of the smb service.
# service smb restart# # or# service smb reload# /etc/init.d/smb reload
Firewall
If you are using the Linux firewall, you need to open ports 139 and 445 specifically. The Samba documentation suggestopening 3 additional ports also. Assuming you are using a firewall setup file, as described here, you can include the
following additions to the INPUT chain.
Like 0
Translate
//www.oracle-base.com/articles/linux/linux-samba-configuration.php 1
-
7/25/2019 ORACLE-BASE - Linux Samba Configuration
2/4
# Open ports for SAMBA.iptables -A INPUT -p tcp --dport 135 -j ACCEPTiptables -A INPUT -p tcp --dport 137 -j ACCEPTiptables -A INPUT -p tcp --dport 138 -j ACCEPTiptables -A INPUT -p tcp --dport 139 -j ACCEPTiptables -A INPUT -p tcp --dport 445 -j ACCEPT
SELinux
If you are using SELinux, you will need to consider the following points.
The SELinux booleans associated with the Samba service are displayed using the getseboolcommand.
# getsebool -a | grep sambasamba_create_home_dirs --> offsamba_domain_controller --> offsamba_enable_home_dirs --> offsamba_export_all_ro --> offsamba_export_all_rw --> offsamba_run_unconfined --> offsamba_share_fusefs --> offsamba_share_nfs --> offsanlock_use_samba --> offuse_samba_home_dirs --> offvirt_use_samba --> off#
The setseboolcommand is used to set a specific boolean value.
# setsebool use_samba_home_dirs on# setsebool use_samba_home_dirs off
The samba_share_tcontext should be assigned to all content.
# semanage fcontext -a -t samba_share_t "/u01(/.*)?"# restorecon -F -R -v /u01
You can check the current context setting on files and directories using the "ls -alZ" command.
More information on SELinux can be found here.
Create Network Shares
Shares are created by editing the "/etc/samba/smb.conf" file. In RHEL5 and Fedora distributions you can use a GUI tool
called system-config-samba, but this has been removed from RHEL6.
The "/etc/samba/smb.conf" file contains an example share definition towards the bottom of the file. The ";" characters
are comments.
# A publicly accessible directory, but read only, except for people in# the "staff" group; [public]; comment = Public Stuff; path = /home/samba; public = yes; writable = yes; printable = no; write list = +staff
More detailed information is available using the "man smb.conf" or "info smb.conf" commands. The following
example defines a share accessible to a user called "john_doe" and members of the "developers" group.
[u01]
//www.oracle-base.com/articles/linux/linux-samba-configuration.php 2
-
7/25/2019 ORACLE-BASE - Linux Samba Configuration
3/4
valid users = john_doe @developers write list = john_doe @developers path = /u01 writeable = yes create mask = 0775
Remember to reload the configuration, or restart the smb service for the changes to take effect.
The next section shows a worked example, so this should make things a little clearer.
Create Network Shares for Group Collaboration
This section describes the steps necessary to create Samba shares suitable for group collaboration.
Create a group that will act as the owner of the shared files.
# groupadd developers
Create some users that are assigned to the "developers" group.
# useradd dev1 -G developers
# passwd dev1 # password set to dev1
# id dev1uid=501(dev1) gid=504(dev1) groups=504(dev1),506(developers)#
# useradd dev2 -G developers# passwd dev2 # password set to dev2
# id dev2uid=502(dev2) gid=505(dev2) groups=505(dev2),506(developers)#
Set the Samba password for the users.
# smbpasswd -a dev1New SMB password:Retype new SMB password:Added user dev1.#
# smbpasswd -a dev2New SMB password:Retype new SMB password:Added user dev2.#
Create a directory to own the shared files, making sure its group is set correctly. The permissions are set to "g+rwx"
(0770), since the group is the defining factor in accessing data in this directory.
# mkdir /developers_dir# chgrp developers /developers_dir# chmod g+s /developers_dir# chmod -R 770 /developers_dir
Add the following share into the "/etc/samba/smb.conf" file. Notice the 0770 permissions again, so users don't
accidentally create files that can't be amended by other members of the group.
[devshare]browseable=yespath = /developers_dir
force group = +developersvalid users = @developerswrite list = @developerscreate mask = 0770
//www.oracle-base.com/articles/linux/linux-samba-configuration.php 3
-
7/25/2019 ORACLE-BASE - Linux Samba Configuration
4/4
force create mode = 660
Reload the Samba configuration.
# service smb reloadReloading smb.conf file: [ OK ]#
From another machine, mount the share as the "dev1" user and create a file.
# mkdir -p /u01/dev1# mount -t cifs -o rw,username=dev1,password=dev1 //192.168.0.190/devshare /u01/dev1# echo "apples" >> /u01/dev1/test.txt
From another machine, mount the share as the "dev2" user and edit the file created previously.
# mkdir -p /u01/dev2# mount -t cifs -o rw,username=dev2,password=dev2 //192.168.0.190/devshare /u01/dev2# echo "oranges" >> /u01/dev2/test.txt# cat /u01/dev2/test.txt
applesoranges#
Security
The basic user security model for Samba is quite simple. As shown previously, existing Linux users can be made into
Samba users by issuing the "smbpasswd -a" command. This allows shares to be made user-specific by adding the
users into the "valid users" and "write list" entries of the "/etc/samba/smb.conf" file.
In a similar manner, permissions can be at the group-level by specifying the group with a preceeding "@" symbol.
Host-level security can be controlled using the Linux Firewall, or by addition of the "hosts allow" or "hosts deny"
parameters to the share definitions on the "/etc/samba/smb.conf" file. If these settings are placed in the "[global]"
section of the file, they affect all share defintions.
Mapping User Names
The "/etc/samba/smbusers" file is used to map Samba user names to Linux user names, allowing for different naming
standards between machines running different operating systems. The default settings in the file map the common
Windows users of "admin" and "administrator" to the Linux "root" user.
# Unix_name = SMB_name1 SMB_name2 ...root = administrator adminnobody = guest pcguest smbguest
Mounting Samba Shares
The following links point to articles on this site about mounting Samba shares:
mount and unmount
/etc/fstab
Credentials File
For more information see:
Samba Documentation
RHEL6 Managing Confined Services : Samba
Linux man pages
RHCSA and RHCE
Linux File Systems (mkfs, mount, fstab)
Linux NFS Configuration
Hope this helps. Regards Tim...
// l b / ti l /li /li b fi ti h 4